254 matches found
Horde Turba status.php Path Disclosure
There is a flaw in the file 'status.php' of this CGI which may allow an attacker to retrieve the physical path of the remote web root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date: 17 May 2003 13:18:59 -0000 From: Lorenzo Manuel Hernandez Garcia-Hierro To:...
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite
The remote host has the cgi 'counter.php' installed. This CGI contains a flaw that can be abused by an attacker to overwrite arbitrary files on the system with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref:...
thttpd Host Header Traversal Arbitrary File Access
The remote HTTP server allows anyone to browse the files on the remote host by sending HTTP requests with a Host: field set to '../../'. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11576; scriptversion "1.18"; scriptcveid"CVE-2002-1562", "CVE-2003-0899";...
IdeaBox include.php ideaDir Parameter Remote File Inclusion
It is possible to make the remote host include PHP files hosted on a third-party server using ideabox. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date:...
[NT] BadBlue Arbitrary Administrative Actions Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion In the US? Contact Beyond Security at our new California office housewarming rates on automated network vulnerability scanning. We also...
Buffer Overflow in mod_ssl
Overview A buffer overflow exists in modssl. Description modssl is an Apache module that allows secure connections over X.509 authenticated channels. A buffer overflow exists in the sslcompatdirective function. For more detailed information, please see the original vulnerability report. --- Impac...
@(#)Mordred Labs advisory - Integer overflow in PHP array_pad() function
//@ Mordred Security Labs advisory Release date: April 1, 2003 Name: Integer overflow in PHP arraypad function Versions affected: all versions Risk: average Author: Sir Mordred [email protected] I. Description: PHP is a widely-used general-purpose scripting language that is especially suited for...
Microsoft FrontPage Unpassworded Installation
The remote web server appears to have FrontPage Extensions installed with incorrectly set permissions. A remote attacker could exploit this to modify web pages on the server. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11455; scriptversion "$Revision: 1.21 $";...
E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion
It is possible to make the remote host include PHP files hosted on a third-party server using E-Theni. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: From:...
PHP-Nuke 6.5 Addon - 'Viewpage.php' File Disclosure
source: https://www.securityfocus.com/bid/7191/info PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon. It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain circumstances. It should be noted that this...
SimpleChat Information Disclosure
It is possible to retrieve list of users currently connected to the remote SimpleChat server by requesting the file 'data/usr'. An attacker may use this flaw to obtain the IP address of every user currently connected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date: 20 Mar 2003...
Apache 2.0.x < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)
The remote host appears to be running a version of Apache 2.0.x prior to 2.0.43. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this vulnerability by making a POST request to files in a folder with both WebDAV and CGI enabled. Note that Nessus solel...
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (1)
// source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerabili...
Cedric Email Reader 0.20.3 - Skin Configuration Script Remote File Inclusion
Cedric Email Reader 0.20.3 - Skin Configuration Script Remote File Inclusion source: https://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is...
N/X Web Content Management System 2002 Prerelease 1 - 'menu.inc.php?c_path' Remote File Inclusion
source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...
LiteServe HTTP Service Malformed URL Decoding Remote DoS
The remote web server does not respond after it receives a URL consisting of a long string of '%' characters. Note that if the web server is protected with some sort of Intrusion Prevention Systems IPS, this may be a false-positive. C Tenable Network Security, Inc. Affected: Webseal 3.8 unconfirm...
CVE-2002-1353
LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst...
CVE-2002-0686
Buffer overflow in the search component for iPlanet Web Server iWS 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter...
Moderate: Red Hat Security Advisory: apache security update for Stronghold
The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack, or in some cases, allow remote code execution. Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests encoded using "chunked...
JRun Multiple Sample Files Remote Information Disclosure
This host is running the Allaire JRun web server and has sample files installed. Several of the sample files that come with JRun contain serious security flaws. An attacker can use these scripts to relay web requests from this machine to another one or view sensitive configuration information as...